Tom Lowenthal, Staff Technologist, Committee to Protect Journalists
When researching security/privacy and developing tools, it is tempting to focus on the abstract technical merits of a problem. In practice, attacks are not graded for difficulty, only success. Why spend the time and expense of a zero-day exploit which bypasses ASLR to achieve remote code execution when spearphishing is so effective? The biggest barriers to widespread computer security are not technical. Wide deployment of privacy-preserving tools and trustworthy computers isn't limited by cutting-edge challenges in cryptography or formal methods. The obstacles are getting everyday tools to implement secure development best-practices, incorporate end-to-end crypto, and offer multi-factor authentication. The problem is fighting an endless public relations war about whether we should have to invent the impossible to create back-doors or design tools which protect their users except when the user is trying to do something bad.
Here's the trick: think and talk about journalists. Talking about journalism as a first-class use case changes the mental calculus. It allows for focus on the real technical challenges of developing safe systems, and bypasses poorly-thought-out objections. Even better, thinking about the needs of journalists as first class users helps make design choices which better protect all users.
Tom Lowenthal is a technologist and activist committed to combating our contemporary cyberpunk mass-surveillance dystopia. By day, they're the staff technologist for the tech program at the Committee to Protect Journalists. By night, they practice robust self-care because mental health is important and burnout can be a killer. Tom's also a fellow at Stanford's Center for Internet and Society; They've previously worked at the Tor Project and Mozilla. They're a big believer in individual privacy, self-determination, and practical usable tools.
Enigma is a registered trademark of the USENIX Association.